Hi Peeps, I got technical query regarding how to change SSH v1 to SSH v2 in PA firewall, Because one of our customer got an alert from VAPT tool like as follows,. Description :- KPMG test team observed that the Secure Shell protocol version 1 support was enabled on the tested devices. Secure Shell is typically used as a cryptographically secure alternative to Telnet and other clear-text protocols. In addition to command-based access, Secure Shell services can enable the forwarding of network ports (such as X forwarding) or the transfer of files (such as Secure Copy or Secure File Transfer Protocol). There are two main versions of the Secure Shell protocol, version 1 and 2. Version 2 was developed to both extend the functionality of the protocol and to enhance security. It is common for Secure Shell servers that support both versions of the protocol to be capable of being configured to support connections from clients using different versions of the protocol in order to maintain backward compatibility. Severity :- Medium CVE/CWE ID :- N/A Impact :- Although flaws have been identified with Secure Shell protocol version 2, fundamental flaws exist in protocol version 1. Recommendation :- It is recommended that the Secure Shell service should be reconfigured to only support version 2 of the protocol.
... View more